Not happy with ERA 6

[Ivica Vugrinec 0]

 

I've been using ESET since around 2006.  I have always thought the Remote Administrator Console was rather simplistic, to the point, and functional.  It wasn't always what I would call  "pretty", but it worked and was easy to manuver.  Now I am testing Remote Administrator 6 and my opinion of ESET's RA Console has just about hit rock bottom.

 

First of all, the documentation is pretty vague, especially when it comes to pointing to a new repository.  Some sort of syntax or example of what needs to be in that field would be extremely helpful.  I would rather the 600+ computers download from a local server and not the Internet for agents, updates, etc.

 

I have not successfully deployed a single agent from the console regardless of any proxy settings on the console or my proxy server.  I was able to modify the agent installing BAT file and point it to a network location for grabbing the agent MSI file.  I shouldn't have to do this.  I should not have to jump through hoops to install a single agent.  If I wanted to do that I would have gone with Sophos back in 2006 when you had to manually create a self-extracting exe file with WinRAR and create custom scripts to install or upgrade their software.

 

Once I did get an agent installed (manually of course) I moved onto installing the EndPoint Security product.  Once again, documentation is vague (useless), but I was able to finally install the product using a local share path.  It was so much simpler in version 5.

 

Okay so I have an agent installed, a product installed...now I need to activate it.  Once again documentation is useless.  Reports are useless as they don't show any real details about the error messages.  I'm one of those admins that if I can look at a log, I'll figure it out.  I checked all the proxy settings multiple times, turned them off and allowed everything through, but I can't even get a single product activated.  I had to settle for manually activating it from the client, which is not going to work.  I'm not going to manually activate 600+ clients when the RA Console "should" do the job automatically.

 

I didn't care for having to recreate all our special policies.  It would have been nice to be able to migrate them from version 5.  I'd be okay losing some event logs for the sake of not having to recreate my policies from scratch, but I guess knowing what happened 6 months ago out-weighs that.

 

My experience with testing RA version 6 has been just a little above using McAfee ePolicy Orchestrator (back when I used it).  My opinion is ESET fired the programmers that knew what they were doing  in version 5 and hired in a bunch of graphic artists to make version 6.  It's nice, I have to give them that, however it is anything but simplistic and functional.

 

I'm sorry for the rant.  I'm not one to toot my own horn, but I can usually figure stuff out pretty quick without a support call.  If I can't then OK let's call support, but at the same time I'm thinking maybe I need to be looking at a different product from a competitor.

shawkins, 

 

This type of feedback is very useful and we encourage it. You may have guessed that those of us who man the forums aren't developers, but rest assured that your communication about V6 will be delivered to not only the developers, but everyone beyond them in the chain of command. ESET is a huge proponent of customer experience and as a result we all have skin in the game. Again, your time in putting this post together is much appreciated.

 

 

I'am a 10 years long ESET customer. I' am so disapointed with ERA 6.x.  It's lack of documentation is disapointing. The most basic stuff does not work (like instaling the security products). There are no detailed logs on task failure, no documentation, low support...

 

I had a virtual appliance crashing. Had to figure it myself after week od debugging and testing. Had to mess with linux kernel to make it work. Come on!  Thats crazy (now it works!!).

 

I'am stuck with ESET now and hope that ERA 5.x will support installation and management od ESET Endpoint Antivirus products. I' am just asking - if we bought the licences - can you please just help us install it?  i'am also a "I can usually figure stuff out pretty quick without a support call" and "I'm one of those admins that if I can look at a log, I'll figure it out." as  shawkins, described himself (and me also).

 

Just give as bascis and we wel get on our own.. If not.. it's just a 1 year contract and ERA 5.x is working great...

[logikz 0]

I agree with everything said here.

 

The question marks at the edges of fields provide more insight then all their documentation.

 

The report generator, can you allow us to create maybe 5 reports at once and have them all compiled into 1 PDF?  Or do I have to continue to compile them all myself to send to the boss.  ESET5 had reporting down.  Can we modify the quick context menu scans?  Or signature updates via context menu?  If i initiate a sig update via context menu it should be assumed that i want to clear the cache, because obviously something is wrong with that computer.  

 

Provide documentation longer than 1 paragraph for triggers/throttling.  

 

Also, when does the official version of this come out?  This is a beta right?

[Ivan 0]

I use ESET for many years on over 200 computers (with AC, Domain). I do web programming more years, and I can see exactly what the deficiencies in the new version (ERA 6). 

What all we can see is the feeling that we have no control, as in the previous version. This is mainly due to poor user interface which is slow, disorganized. 

Web interface looks like a template (google html admin templates) that can be purchased for developers, and are generally poorly designed, as is the case with this - a lot of content, no useful information (+ ugly interface, in my opinion). 

Example of poor interface and organizations: when scroll you waiting to be loaded computers on the network (but those who have already displayed over disappearing, so when you scroll top you again need to wait again for them to load). So, practically, when you have more than one computer, it is necessary, after every second to wait a few seconds to load other computers, whether to scroll up or down. This is disastrous deliberately, very irritating and slows down.

 

By using the web interface is preferred for multi plaftorms, but in this case it is a very poorly designed.

 

Because of the feeling that I have no control over the computers (and ERA looks like a semi-product) the first time after so many years of use ESET Products I am thinking to change it...

[ElJuan 2]

Shawkins.

 

I have experimented almost the same issues that you have.

and I have spent a lot of time resolving issue by issue, that I would like to share.

 

because my scenario is that we have a classic Squid Proxy for the Internet access, the activation issue was solved adding the following lines in the httpd.conf of the apache server configuration from the ERAS Server :

 

ProxyRequests On

ProxyVia On
ProxyRemote * hxxp://squidserverhostname:3128

 

This was successful tested in Windows & Virtual Appliance (Linux Centos 6)

 

also make sure you have this PC client configuration in Advanced setup/Tools/Proxy:

Proxy server = use proxy server enabled

Proxy server = hxxp://erasserverhostname

Port = 3128

 

you can create an Eset Securty Product Policy to push the above config.

This configuration may solve the update definitions issues.

 

I would like to hear if this can help.

regards.

 

 

[circumpunct 2]

I have been an ESET/NOD32 user since the earliest days (Hospital on the Edge of the Disk, anyone?) and even worked for an ESET distributer for a few years.

 

ERA 6 is a disaster.

 

PLEASE get it sorted out. The client end is still best-of-type, but lack of effective central control and reporting lets it down. It keeps telling me clients have a problem (outdated OS, no update etc.) , but after a long walk to check them, they turn out to be fine. They are connecting with the server according to the 'last connection' time, but seen to be reporitng historic problems with a current time and date. Anybody else got this and know how to fix it?

[Marcos 5,070]

PLEASE get it sorted out. The client end is still best-of-type, but lack of effective central control and reporting lets it down. It keeps telling me clients have a problem (outdated OS, no update etc.) , but after a long walk to check them, they turn out to be fine. They are connecting with the server according to the 'last connection' time, but seen to be reporitng historic problems with a current time and date. Anybody else got this and know how to fix it?

 

This is probably just misunderstanding of how v6 works. By default, agent reports system issues you've mentioned, howe ver, youcan disable these reports via agent's policy. If you look at the details of the alerts, you would most likely see agent as the source.

[bbahes 29]

 

PLEASE get it sorted out. The client end is still best-of-type, but lack of effective central control and reporting lets it down. It keeps telling me clients have a problem (outdated OS, no update etc.) , but after a long walk to check them, they turn out to be fine. They are connecting with the server according to the 'last connection' time, but seen to be reporitng historic problems with a current time and date. Anybody else got this and know how to fix it?

 

This is probably just misunderstanding of how v6 works. By default, agent reports system issues you've mentioned, howe ver, youcan disable these reports via agent's policy. If you look at the details of the alerts, you would most likely see agent as the source.

 

 

Then make documentation that explains how this new system really works.

 

Also, why would someone want to disable feature in security product, unless it's broken?

 

Does ESET have any major update for v6 in plan?

[Marcos 5,070]

Also, why would someone want to disable feature in security product, unless it's broken?

 

There were indeed many requests not to report security center issues. Hence we later added the option not to report them to ERAS by agent on clients.

Does ESET have any major update for v6 in plan?

There should be 2 major updates of ERA v6 available this year which will bring further improvements according to the feedback we've received.

[bbahes 29]

 

Also, why would someone want to disable feature in security product, unless it's broken?

 

There were indeed many requests not to report security center issues. Hence we later added the option not to report them to ERAS by agent on clients.

Does ESET have any major update for v6 in plan?

There should be 2 major updates of ERA v6 available this year which will bring further improvements according to the feedback we've received.

 

 

Many thanks for this info!

 

Regards.

[circumpunct 2]

 

PLEASE get it sorted out. The client end is still best-of-type, but lack of effective central control and reporting lets it down. It keeps telling me clients have a problem (outdated OS, no update etc.) , but after a long walk to check them, they turn out to be fine. They are connecting with the server according to the 'last connection' time, but seen to be reporitng historic problems with a current time and date. Anybody else got this and know how to fix it?

 

This is probably just misunderstanding of how v6 works. By default, agent reports system issues you've mentioned, howe ver, youcan disable these reports via agent's policy. If you look at the details of the alerts, you would most likely see agent as the source.

 

Then please explain how it works.

 

Hey, I'm on your side. I used to sell the previous version and made a good living off it. But I can't figure this out or find any documentation to explain it.

 

Here a sample issue. Please tell me how to resolve it.

 

I'm getting a lot of alerts on the dashboard telling me there are problems, but in fact the problems have cleared. ERA 6 does not tell me they have cleared, so I'm wasting time chasing them down.

 

Example: I have a machine showing in ERA6 as OS out of date. The OS on the machine has in fact updated and the EES 6 on the machine correctly shows no problem.

 

Looking at the ERA, the machine last connected a few minutes ago. The problem is still listed, with a 'problem occurred' time of a few hours ago. How come it still shows in the dashboard donut (even refreshed) as a problem? It is now historic. I can see that having an archive might be useful, but I don't need summary notifications showing problems that have gone away. I also don't want to suppress OS currency messages as it could fail to update in future. I aslo dont need to supress messages older than 'n', because how do I know the problem has cleared?

 

Basically I would like the ERA dashboard to show the CURRENT situation, in the same way the EES on the machine does. I don't need it showing me red and yellow donuts for problems that no longer exist. Multiply that by a few hundred PCs and it becomes a nightmare.

 

Am I missing something here?

 

If it is possible, how do I set up to show the current status? And why is that not the default?

 

I hope this is a constructive post and I really do want to get this sorted out rather than revert to ERA 5.

 

Thanks.

[michalp 20]

OS up to date check is resource consuming as it needs to contact Windows Update servers and ask for new updates. That is why it is not done on every agent connection to server, but on Windows it is done each 18 hours or 10 minutes after agent startup.

 

There are two possibilities to change this behaviour:

1. Suppress this check by policy on computers where do you have EES installed. Endpoint will take over OS update checks.

2. Run OS update task from ERA. This task will update OS and run re-check afterwards.

Edited June 2, 2015 by michalp

[zackliu 2]

I would like to echo the first post.  

 

I have been using eset for just over a year.  I loved the product.  The admin console was quick and easy to use. Navigation was simple. Detection was amazing. It was fast, and did bog down the workstations. Everything I hated about symantic, mcafee, etc was gone!  

 

Then v6 was released...  oh, how I wish I would have spent more time with it in testing before deploying it to production.  I am not happy with v6 at all.  There really isn't much I like about it. I don't care for the web based console.  I don't like the agent approach of the client, I'm seeing it cause some odd issue with WMI service, and consuming cpu.  The deployment of a/v, generating reports, view the panels, just about everything is overly complicated and cumbersome.  Not all is bad, I do like the rouge scanner.  

 

I'm torn on what to do next. Do I give v6 more time, and maybe grow into it?  Regardless, change is going to happen, but it looks like I'll be changing back to v5!

For your WMI Service issue and ekrn.exe consuming CPU resources, we had the same issue in our environment and it turns out that HIPS filtering mode needs to be set at "Smart Mode" (Automatic Mode doesn't work), and make sure you do not "log all blocked operations" in HIPS.

 

ESET v6 should have been tested more before released. 

[Marcos 5,070]

For your WMI Service issue and ekrn.exe consuming CPU resources, we had the same issue in our environment and it turns out that HIPS filtering mode needs to be set at "Smart Mode" (Automatic Mode doesn't work), and make sure you do not "log all blocked operations" in HIPS.

ESET v6 should have been tested more before released.

 

V6 had indeed been tested carefully before the release. If you enable debug logging intended only for troubleshooting purposes (has been there since Endpoint v5), it usually results in excessive logging and thus causing negative impact on system performance.

[circumpunct 2]

OS up to date check is resource consuming as it needs to contact Windows Update servers and ask for new updates. That is why it is not done on every agent connection to server, but on Windows it is done each 18 hours or 10 minutes after agent startup.

 

There are two possibilities to change this behaviour:

1. Suppress this check by policy on computers where do you have EES installed. Endpoint will take over OS update checks.

2. Run OS update task from ERA. This task will update OS and run re-check afterwards.

 

Thanks for the quick reply.

 

Option one is a bit confusing. I can supress the ERA OS update check by policy, but ESS iteself will take over OS update checks? I presume what you mean is ESS will do update checks but will not report them to ERA? If so, that's not an option. It's basically just turning off the feature - unless I inspect the PCs manually.

 

Option two seems a bit of a cludge. Presumably this means running a perhaps unnecessary OS update job, just to force an OS check? Again, not particularly satisfactory. No way to force the check without the update?

 

Is there at lease an option to delete the indidividual OS (and other) alerts? I would assume this was an incuded feature, but I can't seem to find it.

 

I'll try a little longer with ERA 6, but I think  we will probably revert to 5 until it gets fixed properly. IT is busy enough and I don't have time for this.

 

Thanks for trying.

Edited June 3, 2015 by circumpunct

[circumpunct 2]

OS up to date check is resource consuming as it needs to contact Windows Update servers and ask for new updates. That is why it is not done on every agent connection to server, but on Windows it is done each 18 hours or 10 minutes after agent startup.

 

A further comment: What has the agent to ERA server connection got to do with resource use? The EES already knows the OS is up to date and is reporting this correctly on the local machine. It is just the ERA that has outdated information. Surely all the agent needs to do is pull the info from the ESS and send to ERA? Can't be more than a byte or two at most, and all on the local LAN. Why does it need to wait 18 hours to do that to 'save resources'?

Edited June 3, 2015 by circumpunct

[Megachip 5]

ATM, ERA6 is a nice looking product, but for me unusable in (our) business environments. To unstable, to much missing needed features. No useful upgrade path from V5.

 

Lets see what the future brings. AFAIK V5 is still in maintenance for the next 3 years.

[michalp 20]

The agent does the OS check independently from EES. By default they both check for OS updates. By setting policy for agent, you will only disable checking on the agent but EES will still do the checks.

[circumpunct 2]

If I understand you correctly, you have TWO separate systems on each PC checking that the OS is up-to-date? (Why duplicate a system that you have already said is resource-intensive?)

 

One of them will incorrectly report to the dashboard for 18 hours that the OS is out of date if it happens to run just before an OS update?

 

The other will check the OS, but will not report it to the dashboard?

 

I really hope I have misunderstood something here, because that sounds quite ridiculous.

 

I've been an EST fan for decades, but I'm seriously thinking of jumping ship. If the ERA is so borked up, how can we be sure the AV is any better?

[Marcos 5,070]

If I understand you correctly, you have TWO separate systems on each PC checking that the OS is up-to-date? (Why duplicate a system that you have already said is resource-intensive?)

 

Reports about an out of date OS from agent may be useful in cases when agent is already deployed and an admin wants to make sure that the OS is fully updated before continuing with Endpoint deployment (e.g. to prevent serious issues from occurring when certain hotfixes are missing).

[circumpunct 2]

 

If I understand you correctly, you have TWO separate systems on each PC checking that the OS is up-to-date? (Why duplicate a system that you have already said is resource-intensive?)

 

Reports about an out of date OS from agent may be useful in cases when agent is already deployed and an admin wants to make sure that the OS is fully updated before continuing with Endpoint deployment (e.g. to prevent serious issues from occurring when certain hotfixes are missing).

 

 

I'm trying to be constructive and not unreasonably critical, but I can't see that makes any sense at all.

 

If it's a pre-installation check and it is so load-intensive, why keep running it after EES is installed? And what use is it as a pre-installation check if it can generate false alarms for 18 hours after an OS update?

 

I really just want to know if all my PCs have the latest OS or not. Right now ERA generates too many false alarms.

 

I have a bunch of other issues but no time to deal with them at the moment, so we are reverting to another solution. We are still running EES/ERA on a small test network and may come back to ESET if the product and documentation improve.

 

Thanks for trying to help.

[worried 1]

I have same experience.

 

The ERA should show the same information as we see on the End Point Security if we are at the computer. But it does not. It shows OS out of date and other errors that dont exist on the workstations.

[Marcos 5,070]

The ERA should show the same information as we see on the End Point Security if we are at the computer. But it does not. It shows OS out of date and other errors that dont exist on the workstations.

 

Endpoint allows you to choose the level of update severity to be notified about when missing. This is not the case of agent, however, you can easily turn off these notifications.

[worried 1]

I'm not clear how 'level of severity' comes into it.

 

Surely an OS is either up to date or it is not?

[glsb 1]

All in all, I see potential in the v6 interface - I just wish it was polished and ready to roll already.  As others have posted, we need further documentation.  Preferably, those little pop-up help tidbits when hovering/clicking the help icon next to fields/areas of interest.  For instance, %VARIABLES% for custom notifications - there was a nice 'pop-up' for this in v5.

[jbossbarr 2]

The ERA v6 OVA is not well designed. So far, we have "attempted" to deploy it at several clients. The product is very unpredictable, has no auto-update task feature, and is otherwise very slow and clunky. This product is really alpha software, not ready for deployment. Also, have you noticed that support is inundated with calls in the past several months? This is because this product is poorly documented and requires significant guesswork to deploy.